Time4VPS (UAB "Interneto vizija") Hacked

treesmokah

Looks like someone went after Time4VPS in attempt to breach a crypto swap/exchange service FixedFloat(ff.io). Same attacker managed to steal $26.1M before, and gained access to Time4VPS backend servers in attempt to steal more.
Time4VPS acted poorly, they had critical vulnerabilities in their systems and didn't really care about it. It isn't clear at the moment if more was compromised, Time4VPS is quiet, all they posted since it occurred(but wasn't public at the time) was a blog article about 2FA.

https://ff.io/en/blog/news/reasons-for-hacking (archive)

MikeA

If everything they say is true, that's an extremely bad look for T4V... What a shitty situation.

Amadex

@MikeA said:
If everything they say is true, that's an extremely bad look for T4V... What a shitty situation.

For the entire Miss Group.

skhron

we managed to find a solution in which changing passwords on the server did not make it possible to log in to it. Thus, we tried to gain time for a gradual transition from this hosting. But we did not foresee that the attacker gained access to all functions of the hoster, including global access to all available servers, which made our actions completely ineffective.

So they used virtual machine and not dedicated server for their project? I am genuinely surprised.

Shame on Time4VPS but in this case I believe ff could've prevent this from happening

tetech

T4V uses stuff way after the EOL date, I remember some discussion in this thread: https://lowendspirit.com/discussion/comment/43955#Comment_43946

zgato

@tetech said:
T4V uses stuff way after the EOL date, I remember some discussion in this thread: https://lowendspirit.com/discussion/comment/43955#Comment_43946

their looking glass is still running Debian 9 lmao

benz

@tetech said:
T4V uses stuff way after the EOL date, I remember some discussion in this thread: https://lowendspirit.com/discussion/comment/43955#Comment_43946

Their storage VPS are still on OVZ6.
Good to have a kind of confirmation that company is running on 'autopilot' for quite some time now.

Jab

There is so many things there that makes you fucking wonder.
Why would $26.1 million be using LET provider.
Why would they be using VPS.
Why wouldn't you nuke everything after first signs.
Why the fuck would you be contacting provider if you know theirs system is "hacked" - don't you think the "hacker" is controling it too? :-D

root

It seems this client of Time4VPS truly did lose millions.

treesmokah

SlowMist(Crypto Security Firm) founder made a comment on FF and T4V situation, and advised against choosing "small" hosting providers.

https://www.binance.com/en/square/post/2024-06-30-cryptocurrency-industry-advised-against-choosing-small-service-providers-10165669960433 (archive)